Since May 2018, GDPR has become crucial for businesses running on marketplaces, eCommerce platforms, SaaS and even cryptocurrency. It’s time you made a compliance checklist and got your business GDPR compliant.
The General Data Protection Regulation, or GDPR, is an EU data protection regulation that specifies how the data of customers living in the EU should be used and protected.
The regulation applies to all organisations, whether operating in the EU or outside it, that process the data of EU customers.
The regulation has been described as granting citizens basic, fundamental data rights that give them more control over their personal data. GDPR was adopted by the European Union in April 2016 and came into effect on 25th May 2018.
What changes with GDPR?
Before GDPR, there was Directive 95/46/EC, which protected the free movement of customer data. But with the fall of the Safe Harbor Agreement in 2010 and the revelations made by Edward Snowden, the EU decided to change its policies to make them more transparent.
Getting Your Marketplace Ready for GDPR
Being non-compliant with GDPR can have huge implications and can cost you up to 4% of global turnover or €20 million, whichever is greater. Below is a compliance checklist that you can use to make your business GDPR compliant.
Transparent Privacy Policy
Revise your privacy policy in line with the regulation, adhering to the Right to be Informed. List the cookies you collect when a customer visits your marketplace.
State what data you collect, with whom you share it and how you use your customers' personal data.
You can use the Magento 2 Custom Registration Fields Extension to customise the policies on your Magento Store. Admin can go to Stores > Configuration > Webkul > Customer Terms & Conditions to configure the front-end view.
Take Customer Consent
GDPR places core importance on consent. You should allow customers to give consent for promotional emails and newsletters by positively opting in. Provide checkboxes for opting in to newsletters and for agreeing to the privacy policy and terms & conditions.
Customers can go to their Customer Dashboard > Newsletter Subscription (Check/Uncheck).
Manage Consent List
Track the list of customers who have given consent for your newsletters or promotional messages while signing up. To view the list, go to Admin Dashboard > Marketing > Newsletters Subscribers.
Cookie Management
The Right to Object to the processing of personal data and the Right to be Informed oblige you to tell customers which cookies you capture when they come to your store.
A cookie banner should be displayed to your customer with the option to agree or change settings.
One such extension you can use for your Virtuemart marketplace is Joomla GDPR Compliance. After installing the extension, Admin can go to Components > GDPR Compliance > Cookie Settings (View Details) to configure the cookie settings and provide the cookie list.
Exercise Data Rights
It’s important that you allow your customers to exercise their data rights from the customer dashboard. Data rights are one of the core changes made by the EU in the new Data Protection Regulation.
With the help of the Prestashop GDPR Compliance module, you can easily allow customers to request deletion, rectification and download of their personal data. Admin can set the configuration by going to Admin > Manage GDPR > GDPR General Configuration/Mail Configuration/Cookie Block.
Frequently Asked Questions
Keep your customers up to date with the most common questions and how they can access their data rights by creating a list of questions on your store. FAQs keep your customers acquainted with the GDPR changes on your store.
You can use the Accordion FAQ Extension to create FAQs on your Magento Store. Admin can go to their Admin Dashboard > WebkulAccordionFAQ > Add/Manage FAQ.
Announce Updates and Re-Consent
New users can now give you consent and see your policies before proceeding to buy something from your store, but what about your old customers?
It’s very important that you communicate the changes to them and obtain their re-consent to continue receiving your newsletters and promotional emails.
On your Magento Store, you can create newsletters by going to Marketing > Newsletter Template to check out the existing templates or create one.
Put the specific newsletter in the queue from the Action column. Go to Marketing > Newsletter Queue to check whether the newsletter's status is sent or pending.
Let us know in the comments what techniques you have used for making your store GDPR compliant.
Even better, we have made a dedicated Magento 2 GDPR extension with all the features you need to make your online store comply with EU laws and secure customer data.
For any query regarding GDPR modules, you can email us at [email protected]